The latest detected campaign utilizes multiple legitimately looking banners in an attempt to trick users into thinking that their media player needs to be updated. Once users install the bogus ‘Media Player Update’, they introduce third-party privacy-invading software onto their PCs and directly contribute to the revenue flow of the cybercriminals behind the campaign.

More details:

Sample screenshots of multiple deceptive ads leading to the same Potentially Unwanted Application (PUA):

The following MD5s that are known to have interacted with the same IP (98.129.229.186):MD5: 70dc774493a1741495675d5958530bbcMD5: 910c87b57f58793dfac033d82d1dfef6MD5: 8e0c8b6a2d742f7a933ec54042ce3c40MD5: 1c14cd6e4b8305587a993fe1fadc25eeMD5: e8cbbd58e318d768205c7b7c8a1800c8MD5: f64a91d5f8a2b2ecebbeec478ed5cf8bMD5: 485ee904242cf2f503425bd2546b0aea